3.2.3 Initialization

Interface initialization: The CA MUST listen on the well-known endpoint specified for this RPC interface for the RPC over named pipes binding. The CA also MUST register with the RPC endpoint mapper service for the TCP over RPC binding (as specified in [MS-RPCE] section 2.2.1.2). Details are as specified in section 2.1.

Cryptographic initialization: The CA SHOULD obtain the certificates, the signing private key, and the exchange private key. The CA also MUST validate the CA signing certificates and its chain. The validation is based on chain validation, as specified in [RFC3280] section 6.<4>